[Bug 1687593] Re: Create OAUTH request token gives 401 error when request url is admin endpoint

OpenStack Infra 1687593 at bugs.launchpad.net
Tue May 2 11:15:15 UTC 2017


Fix proposed to branch: master
Review: https://review.openstack.org/461736

** Changed in: keystone
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-keystoneclient in Ubuntu.
https://bugs.launchpad.net/bugs/1687593

Title:
  Create OAUTH request token gives 401 error when request url is admin
  endpoint

Status in OpenStack Identity (keystone):
  In Progress
Status in python-keystoneclient package in Ubuntu:
  New

Bug description:
  Create request token API returns 401 error when the request URL is
  admin endpoint.

  Error scenario:
  URL used to generate OAUTH signature and for POST request is Keystone admin endpoint
  http://<keystone ip:port>/identity_admin/v3/OS-OAUTH1/request_token

  Working scenario:
  When the URL used to generate OAUTH signature is public endpoint, then the response is 201. 
  http://<keystone ip:port>/identity/v3/OS-OAUTH1/request_token

  Endpoints in devstack for identity:
  ocata at ocata-VirtualBox:~/devstack$ openstack endpoint list | grep identity
  | 549f73e17b0e471e95176bb508561bb3 | RegionOne | keystone     | identity          | True    | internal  | http://192.168.56.101/identity                    |
  | 739cda51666f4ab197241beac5c5c14c | RegionOne | keystone     | identity          | True    | admin     | http://192.168.56.101/identity_admin              |
  | a0eb39c0ecff46c3b61bc6184c42bc13 | RegionOne | keystone     | identity          | True    | public    | http://192.168.56.101/identity

  
  Steps to reproduce the problem:

  Run the python script in the below link (by changing the necessary credentials and IP address)
  https://pastebin.com/AqL9674n

  If #L38 is modified to public endpoint (http://<keystone
  ip:port>/identity/v3/OS-OAUTH1/request_token), the status code is 201.

  Seems like Keystone code verifies the OAUTH signature using Public
  endpoint irrespective of the request URL.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1687593/+subscriptions



More information about the Ubuntu-openstack-bugs mailing list